If permissions to modify an Organizational Unit (OU) are intentionally or accidentally delegated to a user who shouldn’t have them, sensitive data can leak. For example, a user with these permissions can reset the password of any account and use the new credentials to access sensitive data, such as financial statements or medical records.

Step 6: Filter Event Log

Open Event Viewer → Search the Security log for event ID 5136 (a directory service object was modified).
The matching events show who modified permissions on which OU, together with a list of security descriptors.
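
The same search can be scripted. The following is an added example, not part of the original guide: it keeps only 5136 events where the modified attribute is nTSecurityDescriptor on an organizationalUnit object and reports who made the change. The function name ConvertFrom-OuAclEvent and the sample event are constructed for illustration.

```powershell
# Turn one event 5136 XML document into a flat record. Emits nothing when the
# change is not a security-descriptor write on an organizational unit.
function ConvertFrom-OuAclEvent {
    param([Parameter(Mandatory)][string]$EventXml)

    $evt = ([xml]$EventXml).Event
    $d = @{}
    foreach ($item in $evt.EventData.Data) { $d[$item.Name] = $item.'#text' }

    if ($d['ObjectClass'] -ne 'organizationalUnit') { return }
    if ($d['AttributeLDAPDisplayName'] -ne 'nTSecurityDescriptor') { return }

    [pscustomobject]@{
        Time      = $evt.System.TimeCreated.SystemTime
        Who       = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        OU        = $d['ObjectDN']
        # %%14674 = value added (new descriptor), %%14675 = value deleted (old one)
        Operation = switch ($d['OperationType']) {
            '%%14674' { 'Added' } '%%14675' { 'Deleted' } default { $_ }
        }
        Sddl      = $d['AttributeValue']
    }
}

# Constructed sample event (all values are made up for illustration).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5136</EventID><TimeCreated SystemTime="2024-01-15T10:32:07Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectDN">OU=Finance,DC=example,DC=com</Data>
    <Data Name="ObjectClass">organizationalUnit</Data>
    <Data Name="AttributeLDAPDisplayName">nTSecurityDescriptor</Data>
    <Data Name="AttributeValue">D:AI(A;CI;GA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@
ConvertFrom-OuAclEvent -EventXml $sample

# On a domain controller, read the live Security log instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } |
#     ForEach-Object { ConvertFrom-OuAclEvent -EventXml $_.ToXml() }
```

A permission change normally produces a pair of records for the same OU: one "Deleted" event carrying the old descriptor and one "Added" event carrying the new one, so comparing the two Sddl values shows exactly which access entry changed.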